DETECT_FLOW,
/* end prefilter sort */
- /* values used in util-var.c go here, to avoid int overflows
- * TODO update var logic to use a larger type, see #6855. */
+ /* values used in util-var.c go here, to avoid int overflows */
DETECT_THRESHOLD,
DETECT_FLOWBITS,
DETECT_FLOWVAR,
/** struct for storing per flow thresholds. This will be stored in the Flow::flowvar list, so it
* needs to follow the GenericVar header format. */
typedef struct FlowVarThreshold_ {
- uint8_t type;
- uint8_t pad[7];
+ uint16_t type;
+ uint8_t pad[6];
struct GenericVar_ *next;
FlowThresholdEntryList *thresholds;
} FlowVarThreshold;
}
/** \brief Store flowvar in det_ctx so we can exec it post-match */
-int DetectVarStoreMatchKeyValue(DetectEngineThreadCtx *det_ctx,
- uint8_t *key, uint16_t key_len,
- uint8_t *buffer, uint16_t len, int type)
+int DetectVarStoreMatchKeyValue(DetectEngineThreadCtx *det_ctx, uint8_t *key, uint16_t key_len,
+ uint8_t *buffer, uint16_t len, uint16_t type)
{
DetectVarList *fs = SCCalloc(1, sizeof(*fs));
if (unlikely(fs == NULL))
}
/** \brief Store flowvar in det_ctx so we can exec it post-match */
-int DetectVarStoreMatch(DetectEngineThreadCtx *det_ctx,
- uint32_t idx,
- uint8_t *buffer, uint16_t len, int type)
+int DetectVarStoreMatch(
+ DetectEngineThreadCtx *det_ctx, uint32_t idx, uint8_t *buffer, uint16_t len, uint16_t type)
{
DetectVarList *fs = det_ctx->varlist;
void DetectFlowvarRegister (void);
int DetectFlowvarPostMatchSetup(DetectEngineCtx *de_ctx, Signature *s, uint32_t idx);
-int DetectVarStoreMatch(DetectEngineThreadCtx *,
- uint32_t, uint8_t *, uint16_t, int);
-int DetectVarStoreMatchKeyValue(DetectEngineThreadCtx *,
- uint8_t *, uint16_t, uint8_t *, uint16_t, int);
+int DetectVarStoreMatch(DetectEngineThreadCtx *, uint32_t, uint8_t *, uint16_t, uint16_t);
+int DetectVarStoreMatchKeyValue(
+ DetectEngineThreadCtx *, uint8_t *, uint16_t, uint8_t *, uint16_t, uint16_t);
/* For use only by DetectFlowvarProcessList() */
void DetectVarProcessListInternal(DetectVarList *fs, Flow *f, Packet *p);
LUA_ERROR("key len out of range: max 256");
}
- FlowVar *fv = FlowVarGetByKey(f, (const uint8_t *)keystr, (uint16_t)keylen);
+ FlowVar *fv = FlowVarGetByKey(f, (const uint8_t *)keystr, (uint8_t)keylen);
if (fv == NULL) {
LUA_ERROR("no flow var");
}
}
memcpy(keybuf, keystr, keylen);
keybuf[keylen] = '\0';
- FlowVarAddKeyValue(f, keybuf, (uint16_t)keylen, buffer, (uint16_t)len);
+ FlowVarAddKeyValue(f, keybuf, (uint8_t)keylen, buffer, (uint16_t)len);
return 0;
}
/** list for flowvar store candidates, to be stored from
* post-match function */
typedef struct DetectVarList_ {
+ uint16_t type; /**< type of store candidate POSTMATCH or ALWAYS */
+ uint8_t pad[2];
uint32_t idx; /**< flowvar name idx */
uint16_t len; /**< data len */
uint16_t key_len;
- int type; /**< type of store candidate POSTMATCH or ALWAYS */
uint8_t *key;
uint8_t *buffer; /**< alloc'd buffer, may be freed by
post-match, post-non-match */
#include "util-var.h"
typedef struct FlowBit_ {
- uint8_t type; /* type, DETECT_FLOWBITS in this case */
- uint8_t pad[3];
+ uint16_t type; /* type, DETECT_FLOWBITS in this case */
+ uint8_t pad[2];
uint32_t idx; /* name idx */
GenericVar *next; /* right now just implement this as a list,
* in the long run we have think of something
* \note flow is not locked by this function, caller is
* responsible
*/
-FlowVar *FlowVarGetByKey(Flow *f, const uint8_t *key, uint16_t keylen)
+FlowVar *FlowVarGetByKey(Flow *f, const uint8_t *key, FlowVarKeyLenType keylen)
{
if (f == NULL)
return NULL;
}
/* add a flowvar to the flow, or update it */
-void FlowVarAddKeyValue(Flow *f, uint8_t *key, uint16_t keysize, uint8_t *value, uint16_t size)
+void FlowVarAddKeyValue(
+ Flow *f, uint8_t *key, FlowVarKeyLenType keylen, uint8_t *value, uint16_t size)
{
FlowVar *fv = SCCalloc(1, sizeof(FlowVar));
if (unlikely(fv == NULL))
fv->data.fv_str.value = value;
fv->data.fv_str.value_len = size;
fv->key = key;
- fv->keylen = keysize;
+ fv->keylen = keylen;
fv->next = NULL;
GenericVarAppend(&f->flowvar, (GenericVar *)fv);
#define FLOWVAR_TYPE_STR 1
#define FLOWVAR_TYPE_INT 2
+typedef uint8_t FlowVarKeyLenType;
/** Struct used to hold the string data type for flowvars */
typedef struct FlowVarTypeStr {
uint8_t *value;
/** Generic Flowvar Structure */
typedef struct FlowVar_ {
- uint8_t type; /* type, DETECT_FLOWVAR in this case */
+ uint16_t type; /* type, DETECT_FLOWVAR in this case */
uint8_t datatype;
- uint16_t keylen;
+ FlowVarKeyLenType keylen;
uint32_t idx; /* name idx */
GenericVar *next; /* right now just implement this as a list,
* in the long run we have think of something
/** Flowvar Interface API */
void FlowVarAddIdValue(Flow *, uint32_t id, uint8_t *value, uint16_t size);
-void FlowVarAddKeyValue(Flow *f, uint8_t *key, uint16_t keysize, uint8_t *value, uint16_t size);
+void FlowVarAddKeyValue(
+ Flow *f, uint8_t *key, FlowVarKeyLenType keylen, uint8_t *value, uint16_t size);
void FlowVarAddIntNoLock(Flow *, uint32_t, uint32_t);
void FlowVarAddInt(Flow *, uint32_t, uint32_t);
FlowVar *FlowVarGet(Flow *, uint32_t);
-FlowVar *FlowVarGetByKey(Flow *f, const uint8_t *key, uint16_t keylen);
+FlowVar *FlowVarGetByKey(Flow *f, const uint8_t *key, FlowVarKeyLenType keylen);
void FlowVarFree(FlowVar *);
void FlowVarPrint(GenericVar *);
VAR_TYPE_IPPAIR_VAR,
};
-/** \todo see ticket #6855. The type field should be 16 bits. */
typedef struct GenericVar_ {
- uint8_t type; /**< variable type, uses detection sm_type */
- uint8_t pad[3];
+ uint16_t type; /**< variable type, uses detection sm_type */
+ uint8_t pad[2];
uint32_t idx;
struct GenericVar_ *next;
} GenericVar;
typedef struct XBit_ {
- uint8_t type; /* type, DETECT_XBITS in this case */
- uint8_t pad[3];
+ uint16_t type; /* type, DETECT_XBITS in this case */
+ uint8_t pad[2];
uint32_t idx; /* name idx */
GenericVar *next;
uint32_t expire;
projects / thirdparty / suricata.git / commitdiff
